Porting From Earlier BC Releases to 1.47 and Later
Pages 15
Clone this wiki locally
1.47 represents another step along to version 2. A substantial rewrite has been done on the ASN.1 library, hopefully to simplify it, but also to make it more efficient and remove a lot of ambiguities (well as many as possible under the circumstances...) There have also been some changes in CMS and the OpenPGP API now allows similar objects to the operators used by 1.46 CMS to relieve the need to do everything via a JCA/JCE provider.
JAR dependencies
-
bcpkixdepends onbcprov. -
bcmaildepends onbcpkixandbcprov, as well as JavaMail and the activation api. -
bcpgdepends onbcprov.
The only thing in the bcmail jar is the SMIME implementation for JavaMail. CMS, certificate generation, PKCS 12 file handling, OpenSSL PEM file handling, EAC and TSP are in the bcpkix jar.
ASN.1 Changes
The following classes have changed names:
| Old Class | New Class |
|---|---|
| ASN1Object | ASN1Primitive |
| ASN1Encodable | ASN1Object |
| DEREncodable | ASN1Encodable |
| DERObject | ASN1Primitive |
| DERString | ASN1String |
| DERObjectIdentifier | ASN1ObjectIdentifier |
| X509Name | X500Name |
| DERInteger | ASN1Integer |
| DEREnumerated | ASN1Enumerated |
| X509Attributes | X509AttributeIdentifiers |
| X509Extension | Extension |
The following methods have changed:
| Old Method | New Method |
|---|---|
| getDERObject() | toASN1Primitive |
| getDEREncoded() | getEncoded(ASN1Encoding.DER) |
| new CRLReason(int) | CRLReason.lookup(int) |
DLSet and DLSequence have been added to allow people to distinguish between DER and definite length encoding.
Construction of high level ASN.1 objects from primitive ones should always be done by getInstance() - for example new Attribute(ASN1Sequence) has become Attribute.getInstance(ASN1Sequence).
The getInstance methods can now (generally) take byte[] arrays, so it's possible to say ASN1Sequence.getInstance(byte[]), rather than having to say ASN1Sequence.getInstance(ASN1InputStream(byte[]).readObject()).
CMS Changes
RecipientId can not be instantiated any more, use things like KeyTransRecipientId or JceKeyTransRecipientId as appropriate.
SignerId now requires a specific constructor.
To convert from SignerIds and RecipientIds use the JcaX509CertSelectorConverter class. To convert from X509CertSelectors use the JcaX509SelectorConverter class.
OpenPGP Changes
See the OpenPGP examples package for updates to the new API.
PKCS Changes
PKCS10CertificationRequestHolder has become PKCS10CertificationRequest.
Provider Changes
The provider is now a lot more configurable. The possibly the biggest benefit of this is it is now a lot easier to construct a stripped down version. It does mean the underlying generated types for asymmetric keys have changed though, for example JCEECPrivateKey has become BCECPrivateKey. The change in key types has also allowed us to fix serialisation issues that were starting to show up with systems like JBoss
Miscellaneous
The lightweight stream classes: MacOutputStream, DigestOutputStream, and SignerOutputStream have changed. To get equivalent functionality to before use TeeOutputStream as well.
Finally
Don't forget to donate. Help us keep this project independent and going! Thanks.